CME Group (www.cmegroup.com) is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 2,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

CME Group Infrastructure Security Architect provides leadership on security subject matter through design & delivery of integrated solution architectures and development of standards and reference architectures. By adding your experience and extensive knowledge on multiple technologies and solutions to the team's collective skills and experience we further enhance our ability to provide secure technical design recommendations that target on delivering business value through successful project and program delivery.

The Architect position will participate in all functions related to Infrastructure Security Architecture, including: infrastructure security strategy and roadmap planning, acting as a security liaison to the business, and help facilitate demand management.

This role requires a high level of technical expertise in multiple disciplines within Infrastructure and Information Security, including: networking, virtualization, identity and access management (IAM), directory services (LDAP/AD), cloud computing (AWS, GCP, Azure), databases, basic understanding of security and regulatory frameworks (CIS, NIST, RegSCI, HIPAA, etc.), exposure to security stack technologies (IDS/IPS, SIEM, etc.) among other disciplines. In addition to technical prowess, the role will require mentorship, design guidance, and consultation to drive change and support the evolution of CME Group. As a leader on the Global Information Security team (GIS), the incumbent is expected to remain engaged with and support other leaders across GIS and Technology to ensure the timely delivery of security and business solutions.

Principal Accountabilities

This role will actively lead the creation and updating of standards and reference architectures. Standards may be required for CME Group to comply with regulatory requirements set forth by various regulatory bodies that provide oversight to CME Group business functions. Reference architectures provide direction and guidance on proper compliance with these defined standards. While performing infrastructure assessments, decisions on threat modeling and proper service design, structure, and implementation will be required.

This role will help forecast demand for Infrastructure Architecture services by meeting with CME business units to better understand their needs. This role will also help determine necessary resource levels to support those business units' needs.

Communicate and collaborate with cross-functional peers outside of the Technology Division, including General Counsel, Records Retention, Global Assurance, Enterprise Risk Management, Third Party Risk Management, and other business unit leadership.

Drive objectivity and build consensus among internal and external stakeholders with widely divergent perspectives and drivers.

Lead infrastructure security assessments and assist in planning the remediation of assessment, audit, and regulatory findings.

Participate in and contribute to key working groups across the enterprise, including but not limited to: Architecture Review Board and/or change advisory boards. Prepare reports for senior management including presentations, metrics, and other documentation required to support governance functions.

Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly assess and govern Infrastructure architecture and the software development lifecycle.

Participate in development of the security roadmap, and communicate GIS' vision to business partners and IT staff

Actively participates in Communities of Practice to ensure effective adoption of security and continuous improvement of security efforts

Act as an advocate for security and lead efforts to promote security awareness at all levels of the organizations

Ensure that all risk considerations are identified and addressed with new and modified services

Monitor and enhance secure architecture standards within the Software Development Lifecycle

Identify and establish core architectural mechanisms to enhance the security of services

Support larger architectural projects while leading internal projects

Perform infrastructure security assessments

Provide consultation on secure infrastructure design

This role will influence and collaborate regularly with various peers via steering committees, standards and policy governance teams and other group settings that formulate CME Group security policies, standards, and reference architectures. This role will lead formation of policies, standards, reference architectures, process and procedures as they relate to infrastructure architecture at CME Group.

Experience

A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.7+ years of experience as an enterprise and/or security architect in publicly traded companies or finance/technology industry; or minimum 7 years as a consultant to such companies at a commensurate level.

Experience with or deep exposure to the financial industry, focused on clearing or trading

Demonstrable knowledge of a broad range of Information Security technologies and practices